Privacy

Your right to privacy is important to us. We know that your personal data belongs to you and not to us. That's why we take the security of your information seriously and have strict policies and processes in place to ensure it is kept private and safe.

This privacy notice describes the way we collect your information, how we use it and why.

Who we are

Buy-to-Let Direct is an Appointed Representative of The Business Mortgage Company Services Ltd (TBMC). TBMC is part of Paragon Banking Group (the Group).

The Group is made up of many different legal entities. The letterhead we use when we write to you will let you know which entity you have a relationship with.

Where we use the term 'we' in this notice we mean the relevant member of the Group who is processing your personal information.

The entity you have a relationship with will be the controller of any personal information you provide to us. The Group's Company Registration number is 2336032 and its registered address is 51 Homer Road, Solihull, B91 3QJ.

If you have any queries about how your personal information is used by us, which are not answered in this notice, please contact the Data Protection Officer (DPO) 51 Homer Road, Solihull, B91 3QJ or email DPOenquiries@paragonbank.co.uk.

What is personal data?

Personal data is considered to be any information that either alone, or in combination with other information, would identify you as a living individual. For example, your name and date of birth.

How do we collect your information?

The type of loan or other product you have with us will dictate how your personal information is collected.

Personal information may be provided to us by;

You or a third party

You, as our customer, give us your consent

And may be provided;

electronically

by telephone

within paper correspondence

When applying for a product or service we will ask you to provide some information about yourself for security, identification and verification purposes.

When completing any forms, we will always tell you how your information will be used in relation to the product or service you are applying for within the declaration and in any associated terms and conditions.

When you provide any information about others (eg for a joint account) you must ensure that you have their consent or are otherwise entitled to provide the information to us.

We may monitor or record phone calls with you to ensure we have carried out your instructions correctly, to resolve queries or issues, to improve our quality of service, for regulatory purposes and to help prevent or detect fraud or other crimes. We also record conversations for employee training purposes.

Websites

You can visit our website without telling us who you are or revealing any information about yourself. When we ask you for personal information online it will only be in response to you applying for, or using, one of our online products or services.

We will not use information and/or any statistical analytics tool to track or collect any personally identifiable information about visitors to our site.

We will not associate any data gathered from our website with any personally identifying information from any source. If you have logged into our site, please review our Cookie Policy at www.buytoletdirect.co.uk/cookies-policy to see what information may be recorded.

What personal data do we process?

We may process the following personal information;

Account Number

Full name

Gender

Date of birth

Address (both security and residential)

Address history

Country of birth

National Insurance Number

Tax details such as tax reference numbers

Any User ID you may provide or create

Any password you may provide or create

Memorable Information (provided to us to in some instances to be used as a security check for account access)

Employment details

Corporate Directors â€“ position within the company

Contact details, including phone number and email address

Bank account number

Sort Code

Third party reference numbers

Passport information

Vehicle details

Driving licence information

Device ID including IP addresses

If you have requested a third party act on your behalf, the name and contact details of this party

Throughout the life of your account, you may provide the following information to us:

Your racial or ethnic origin

Political opinions

Your religious or philosophical beliefs

Trade union membership

Data concerning your health

Data concerning your sex life or sexual orientation

These pieces of information are considered to be special categories of data. We will only record them if they are relevant to the management of your account (for example, if you have a medical condition which means you require a bespoke communication approach) and we will not record this information without your explicit consent. You are able to withdraw this consent at any time, just get in touch.

On what basis are we allowed to process your personal data?

Under Data Protection law we are only allowed to process your personal data if we have a proper reason to do so. This includes sharing it outside the Group. The law allows us to process your data for one or more of the following reasons;

to fulfil a contract we have with you

when it is our legal duty

when it is in our legitimate interest

when you consent to it

A legitimate interest is when we have a business or commercial reason to use your information. This reason must not unfairly go against what is right and best for you.

The table below shows the ways we may use your personal information and why;

What we use your personal information for

The reason/s why we can use your personal information

To verify your identity

To manage our relationship with you

To find new ways to meet our customers' needs and to grow our business

To develop and carry out marketing activities

To understand how our customers use our products and services

Fulfil a contract

Legal duty

Legitimate interest

To develop and manage our products and services

To manage how we work with other companies that provide services to us and our customers

Fulfil a contract

Legal duty

Legitimate interest

To deliver our products and services

To make and manage customer payments

To manage fees, charges and interest due on customer accounts

To collect and recover money that is owed to us

Fulfil a contract

Legal duty

Legitimate interest

To respond to complaints and seek to resolve them

To detect, investigate, report and seek to prevent financial crime

To comply with laws and regulations that apply to us

To manage risk for us and our customers

To prevent fraud and money laundering

Fulfil a contract

Legal duty

Legitimate interest

To exercise our rights set out in agreements or contracts

To run our business in an efficient and proper way. This includes managing our financial position, business capability, planning, communications, corporate governance and audit requirements

Legal duty

legitimate interest

To exercise our rights set out in agreements or contracts

Fulfil a contract

Who do we share your personal data with and why?

We may share your personal information with the following third parties;

with your employer(s), landlord, accountant, banker, current and previous lenders and HMRC to request information from them so that we can assess whether you meet the eligibility criteria if you have applied for a mortgage or loan

with businesses who may process data on our behalf as part of a contract

with our insurers for insurance purposes

with valuers and other organisations involved in the provision of valuation services to enable them to carry out valuations of your property

if you use Direct Debits, with the Direct Debit Scheme

with third parties to whom your mortgage, loan or account is, or may be, assigned or transferred

If you are a Limited Company Director, in addition to the above we may also share your information with Creditsafe. They can be contacted at Bryn House, Caerphilly Business Park, Van Road, Caerphilly, CF83 3GR

If you would like to see the information that these credit reference agencies hold about you, please contact them directly; they will be able to explain how you may progress your request and any charges that may apply.

with fraud prevention agencies (including the National Crime Agency, Action Fraud and the Home Office) to protect us from fraud and money laundering. We may also pass information to financial and other organisations involved in fraud prevention including law enforcement agencies who may also access and use this information to detect,
investigate and prevent crime. We may automatically decide that you pose a fraud or money laundering risk or if our processing reveals your behaviour to be consistent with that of known fraudsters or money launderers; or is inconsistent with your previous submissions; or you appear to have deliberately hidden your true identity. If you give false or inaccurate information and we suspect fraud we will record this. Please go to www.cifas.org.uk/privacy-notice to read the Cifas privacy notice in full

with identification checking agencies who will carry out electronic identity checks on you and who will record details of the check, regardless of whether your application proceeds The table below shows the ways we may use your personal information and why;

with third parties where we are legally required or permitted to do so, for example for crime prevention purposes or to protect our right or the rights of our group companies, employees or customers

if you have a mortgage or second charge mortgage with us, we may share information with other lenders who also hold a charge on the property

with regulatory bodies where we are required to do so for legal and regulatory purposes for example, the Financial Services Compensation Scheme (FSCS)

if we buy or sell any business or assets we may share your information with the prospective seller or buyer of the business or assets. If we go through a corporate merger, consolidation, sale of assets or other corporate change, we may also pass your information on to the buyer or our successors in business to ensure they can continue to operate the business effectively or make full use of the assets sold.

Possible consequences of us processing your personal data

If we, or a fraud prevention agency, determine that you pose a fraud or money laundering risk, we may refuse to provide the services and financing you have requested, or we may stop providing existing services to you.

A record of any fraud or money laundering risk will be retained by the fraud prevention agencies, and may result in others refusing to provide services, finance or employment to you. If you have any questions about this, please contact us.

Marketing

From time to time we may make you aware of products or services which are similar to the ones you currently hold with us that may be of interest to you. We will only do this if we consider this type of processing to be a legitimate business interest . You are able to get in touch and ask us to stop sending you these messages at any time. If you chose not to receive marketing information you will still receive important information about your product or service.

How long will we keep your personal information?

We will keep your personal information for as long as you are a customer of Paragon Banking Group. After you stop being a customer we may keep your data for up to 12 years for one of these reasons;

to respond to any questions or complaints

to show that we treated you fairly

to maintain records according to our regulatory and statutory obligations

We will keep your data for longer than this if we cannot delete it for legal, regulatory or technical reasons. We will also keep it for research, fraud prevention, money laundering, capital, liquidity, risk and business forecasting purposes. When this happens, we will make sure that your privacy is protected and we will only use it for these purposes.

Fraud prevention agencies can hold your personal data for different periods of time, and if you are considered to pose a fraud or money laundering risk, your data can be held indefinitely by Paragon.

Your information rights

You have various rights in terms of how and why your personal data is processed. Please contact us at any time if you wish to exercise these rights:

You have the right to rectify and correct inaccurate or out of date information at no extra cost

You may be able to request the deletion or removal of personal data where there is no compelling reason for its continued processing. You don't have an absolute 'right to be forgotten' but we will consider the request in specific circumstances

You have the right to ask us not to use your information for marketing purposes and to ask us to stop sending you marketing communications

You have the right to restrict and/or object to certain processing, providing it meets the requirements set out in law

You have the right to obtain human intervention if contesting a decision based on any automated decision-making means. For example, before offering you a loan, we may carry out an automated credit search. CRA's provide us with data and analytics that may help us with this search and our own data, knowledge, processes and practices will also play a significant role in our decision to lend. If you contest the automated decision, we are able to carry out a manual review of your data. However, this may not change the outcome of the initial automated decision and this may result in you being refused a product or service

You have the right to move, copy or transfer personal data. If we are processing data to perform our obligations to you, or because you consented, if that processing is carried out by automated means, we will help you to move, copy or transfer your personal data to other IT systems. If you request, we will supply you with the relevant personal data in a format which is readily accessible by most IT systems

You have a right to access the personal information that we hold about you. We won't charge you for this request, however, we may charge a reasonable fee if your request is largely unfounded or if you make repeated requests. Please make your request in writing to the team that services your account. If you require a specific document please make this clear. Telephone calls will not be provided as standard as not all departments will record their calls. If you require a specific conversation, please provide as much detail as possible to enable us to locate this on your behalf

Transfer of your personal information overseas

Some or all of your personal information may be transferred to, stored or processed by service provider of ours located in countries outside the European Economic Area (EEA) where data protection laws may not be as strict as they are in the UK.

In these circumstances we will take the necessary steps to ensure that the transfer of your data is in line with UK data protection requirements and that your information is treated securely and protected to a similar standard.

We will only send your data outside the EEA to;

follow your instructions

comply with a legal duty

If we do transfer information outside of the EEA, we will make sure that it is protected in the same way as if it was being used in the EEA. We'll use one of these safeguards;

transfer it to a non-EEA country with privacy laws that give the same protection as the EEA

put in place a contract with the recipient that means they must protect it to the same standards as the EEA Whenever fraud prevention agencies transfer your personal data outside of the EEA, they impose contractual obligations on the recipients of that data to protect your personal data to the standard required in the EEA. They may also require the recipient to subscribe to 'international frameworks' intended to enable secure data sharing. For further information please contact the fraud prevention agencies listed within this notice.

If you chose not to give personal information

We may need to collect personal information by law, under the terms of a contract we have with you. If you chose not to give us this personal information it may delay, or prevent us from meeting our obligations. It may also mean that we cannot perform services needed to run your accounts. It could mean that we cancel a product or service that you have with us.

Complaints

If you wish to complain about how we have treated your personal data, please contact the complaints team within your usual servicing department to discuss your concerns.

You may also refer your concerns to the Information Commissioner's Officer (ICO), the body that regulates the handling of personal data in the UK. You can contact them by:

This website aims to give you general information. It is not advice, nor can it take account of your own particular circumstances.
Your home may be repossessed if you do not keep up repayments on your mortgage. The Financial Conduct Authority does not regulate some forms of mortgages.

Buy-to-Let Direct Limited: registered in England no. 06664758 : Greenmeadow House, 2 Village Way, Greenmeadow Springs Business Park, Cardiff, CF15 7NE.
Buy-to-Let Direct is an Appointed Representative of The Business Mortgage Company Services Ltd and regulated by the Financial Conduct Authority (No. 487867) to transact regulated mortgages and registered as a Consumer buy to let arranger. The FCA does not regulate some investment mortgage contracts.